# Multi-tenant Nginx config
# Deploy to: /etc/nginx/sites-available/tenants.conf
# Symlink: ln -s /etc/nginx/sites-available/tenants.conf /etc/nginx/sites-enabled/tenants.conf
#
# Requires: certbot certificates for each domain
#   certbot --nginx -d bcards.site -d www.bcards.site
#   certbot --nginx -d spicylinks.site -d www.spicylinks.site
#   certbot --nginx -d luzlinks.site -d www.luzlinks.site

# ─── bcards.site → :8080 ───────────────────────────────────────────────────

upstream bcards {
    server 127.0.0.1:8080;
    keepalive 32;
}

server {
    listen 80;
    server_name bcards.site www.bcards.site;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name bcards.site www.bcards.site;

    ssl_certificate     /etc/letsencrypt/live/bcards.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bcards.site/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 10M;

    location / {
        proxy_pass         http://bcards;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Connection        "";
        proxy_read_timeout 120s;
    }
}

# ─── spicylinks.site → :8082 ───────────────────────────────────────────────

upstream spicylinks {
    server 127.0.0.1:8082;
    keepalive 32;
}

server {
    listen 80;
    server_name spicylinks.site www.spicylinks.site;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name spicylinks.site www.spicylinks.site;

    ssl_certificate     /etc/letsencrypt/live/spicylinks.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/spicylinks.site/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 10M;

    location / {
        proxy_pass         http://spicylinks;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Connection        "";
        proxy_read_timeout 120s;
    }
}

# ─── luzlinks.site → :8083 ─────────────────────────────────────────────────

upstream luzlinks {
    server 127.0.0.1:8083;
    keepalive 32;
}

server {
    listen 80;
    server_name luzlinks.site www.luzlinks.site;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name luzlinks.site www.luzlinks.site;

    ssl_certificate     /etc/letsencrypt/live/luzlinks.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/luzlinks.site/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    client_max_body_size 10M;

    location / {
        proxy_pass         http://luzlinks;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Connection        "";
        proxy_read_timeout 120s;
    }
}